https://www.slackwiki.com/api.php?action=feedcontributions&feedformat=atom&user=AdrienSlackWiki - User contributions [en]2026-04-08T13:05:18ZUser contributionsMediaWiki 1.40.0https://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=647Category:Security:SSA2012-01-31T10:53:36Z<p>Adrien: mozilla-thunderbird</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
=== cups ===<br />
==== [http://cvedetails.com/cve/CVE-2011-3170 CVE-2011-3170] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2896 CVE-2011-2896] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. <br />
<br />
== d ==<br />
=== perl === <br />
==== [http://cvedetails.com/cve/CVE-2011-2939 CVE-2011-2939] (Denial Of Service, Overflow, Memory corruption) affected: current, 13.37 through 10.0 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2705 CVE-2011-2705] (PRNG weakness) affected: current, 13.37 and all before ====<br />
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0188 CVE-2011-0188] (Denial Of Service, Execute Code) affected: current, 13.37 and all before ====<br />
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."<br />
<br />
== e ==<br />
=== emacs ===<br />
<br />
== k ==<br />
=== kernel ===<br />
<br />
== l ==<br />
=== t1lib ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1554 CVE-2011-1554] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1553 CVE-2011-1553] (Denial Of Service) affected: current, 13.37 and all before ====<br />
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1552 CVE-2011-1552] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0764 CVE-2011-0764] (Execute Code) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.<br />
<br />
=== freetype2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] (Denial Of Service, Execute Code, Memory corruption) affected: current, 13.37 and all before ====<br />
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.<br />
<br />
=== libxml2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1944 CVE-2011-1944] (Denial Of Service, Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. <br />
<br />
== n ==<br />
=== httpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4415 CVE-2011-4415] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3607 CVE-2011-3607] (Overflow, Gain privileges) affected: current, 13.37 and all before ====<br />
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3368 CVE-2011-3368] affected: current, 13.37 and all before ====<br />
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.<br />
<br />
=== dhcp ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4868 CVE-2011-4868] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4539 CVE-2011-4539] (Denial Of Service) affected: current, 13.37, 13.1 ====<br />
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2749 CVE-2011-2749] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2748 CVE-2011-2748] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.<br />
<br />
=== openssl ===<br />
==== [http://cvedetails.com/cve/CVE-2012-0027 CVE-2012-0027] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4619 CVE-2011-4619] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4576 CVE-2011-4576] (Obtain Information) affected: current, 13.37, and all before ====<br />
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4109 CVE-2011-4109] (unspecified impact) affected: current, 13.37 through 11.0 ====<br />
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4108 CVE-2011-4108] affected: current, 13.37, and all before ====<br />
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3210 CVE-2011-3210] (Denial Of Service) affected: current, 13.37 through 11.0 ====<br />
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.<br />
<br />
=== proftpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] (Execute Code) affected: current, 13.37, and all before ====<br />
([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711])<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.<br />
<br />
=== php ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4885 CVE-2011-4885] (Denial Of Service) affected: current, 13.37 and all before ====<br />
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3379 CVE-2011-3379] (Execute Code) affected: current, 13.37 through 12.0 ====<br />
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.<br />
<br />
=== curl ===<br />
==== [http://curl.haxx.se/docs/adv_20120124.html CVE-2012-0036] (Execute Code) affected: current, and all before ====<br />
curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs.<br />
<br />
==== [http://curl.haxx.se/docs/adv_20120124B.html CVE-2011-3389] (man-in-the-middle attacks) affected: current, 13.37 ====<br />
curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer.<br />
<br />
== x ==<br />
=== libXfont ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2895 CVE-2011-2895] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.<br />
<br />
== xap ==<br />
=== pidgin ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4603 CVE-2011-4603] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4602 CVE-2011-4602] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4601 CVE-2011-4601] (Denial Of Service) affected: current, 13.37 and all before ====<br />
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3594 CVE-2011-3594] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3184 CVE-2011-3184] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2943 CVE-2011-2943] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.<br />
<br />
=== mozilla-firefox (various issues, all versions impacted) ===<br />
From http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9, at LEAST:<br />
<br />
Fixed in Firefox 9:<br />
*MFSA 2011-58 Crash scaling <video> to extreme sizes<br />
*MFSA 2011-57 Crash when plugin removes itself on Mac OS X<br />
*MFSA 2011-56 Key detection without JavaScript via SVG animation<br />
*MFSA 2011-55 nsSVGValue out-of-bounds access<br />
*MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library<br />
*MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)<br />
<br />
=== mozilla-thunderbird (various issues, all versions impacted) ===<br />
From http://www.mozilla.org/security/known-vulnerabilities/thunderbird.html#thunderbird9, at LEAST:<br />
<br />
Fixed in Thunderbird 9:<br />
*MFSA 2011-58 Crash scaling <video> to extreme sizes<br />
*MFSA 2011-57 Crash when plugin removes itself on Mac OS X<br />
*MFSA 2011-56 Key detection without JavaScript via SVG animation<br />
*MFSA 2011-55 nsSVGValue out-of-bounds access<br />
*MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library<br />
*MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)<br />
<br />
=== seamonkey (various issues, all versions impacted) ===<br />
From http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html#seamonkey2.6, at LEAST:<br />
<br />
Fixed in SeaMonkey 2.6:<br />
*MFSA 2011-58 Crash scaling <video> to extreme sizes<br />
*MFSA 2011-57 Crash when plugin removes itself on Mac OS X<br />
*MFSA 2011-56 Key detection without JavaScript via SVG animation<br />
*MFSA 2011-55 nsSVGValue out-of-bounds access<br />
*MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library<br />
*MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=646Category:Security:SSA2012-01-31T10:49:13Z<p>Adrien: seamonkey</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
=== cups ===<br />
==== [http://cvedetails.com/cve/CVE-2011-3170 CVE-2011-3170] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2896 CVE-2011-2896] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. <br />
<br />
== d ==<br />
=== perl === <br />
==== [http://cvedetails.com/cve/CVE-2011-2939 CVE-2011-2939] (Denial Of Service, Overflow, Memory corruption) affected: current, 13.37 through 10.0 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2705 CVE-2011-2705] (PRNG weakness) affected: current, 13.37 and all before ====<br />
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0188 CVE-2011-0188] (Denial Of Service, Execute Code) affected: current, 13.37 and all before ====<br />
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."<br />
<br />
== e ==<br />
=== emacs ===<br />
<br />
== k ==<br />
=== kernel ===<br />
<br />
== l ==<br />
=== t1lib ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1554 CVE-2011-1554] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1553 CVE-2011-1553] (Denial Of Service) affected: current, 13.37 and all before ====<br />
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1552 CVE-2011-1552] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0764 CVE-2011-0764] (Execute Code) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.<br />
<br />
=== freetype2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] (Denial Of Service, Execute Code, Memory corruption) affected: current, 13.37 and all before ====<br />
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.<br />
<br />
=== libxml2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1944 CVE-2011-1944] (Denial Of Service, Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. <br />
<br />
== n ==<br />
=== httpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4415 CVE-2011-4415] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3607 CVE-2011-3607] (Overflow, Gain privileges) affected: current, 13.37 and all before ====<br />
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3368 CVE-2011-3368] affected: current, 13.37 and all before ====<br />
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.<br />
<br />
=== dhcp ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4868 CVE-2011-4868] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4539 CVE-2011-4539] (Denial Of Service) affected: current, 13.37, 13.1 ====<br />
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2749 CVE-2011-2749] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2748 CVE-2011-2748] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.<br />
<br />
=== openssl ===<br />
==== [http://cvedetails.com/cve/CVE-2012-0027 CVE-2012-0027] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4619 CVE-2011-4619] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4576 CVE-2011-4576] (Obtain Information) affected: current, 13.37, and all before ====<br />
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4109 CVE-2011-4109] (unspecified impact) affected: current, 13.37 through 11.0 ====<br />
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4108 CVE-2011-4108] affected: current, 13.37, and all before ====<br />
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3210 CVE-2011-3210] (Denial Of Service) affected: current, 13.37 through 11.0 ====<br />
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.<br />
<br />
=== proftpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] (Execute Code) affected: current, 13.37, and all before ====<br />
([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711])<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.<br />
<br />
=== php ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4885 CVE-2011-4885] (Denial Of Service) affected: current, 13.37 and all before ====<br />
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3379 CVE-2011-3379] (Execute Code) affected: current, 13.37 through 12.0 ====<br />
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders.<br />
<br />
=== curl ===<br />
==== [http://curl.haxx.se/docs/adv_20120124.html CVE-2012-0036] (Execute Code) affected: current, and all before ====<br />
curl is vulnerable to a data injection attack for certain protocols through control characters embedded or percent-encoded in URLs.<br />
<br />
==== [http://curl.haxx.se/docs/adv_20120124B.html CVE-2011-3389] (man-in-the-middle attacks) affected: current, 13.37 ====<br />
curl is vulnerable to a SSL CBC IV vulnerability when built to use OpenSSL for the SSL/TLS layer.<br />
<br />
== x ==<br />
=== libXfont ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2895 CVE-2011-2895] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.<br />
<br />
== xap ==<br />
=== pidgin ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4603 CVE-2011-4603] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4602 CVE-2011-4602] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4601 CVE-2011-4601] (Denial Of Service) affected: current, 13.37 and all before ====<br />
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3594 CVE-2011-3594] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3184 CVE-2011-3184] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2943 CVE-2011-2943] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.<br />
<br />
=== mozilla-firefox (various issues, all versions impacted) ===<br />
From http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9, at LEAST:<br />
<br />
Fixed in Firefox 9:<br />
*MFSA 2011-58 Crash scaling <video> to extreme sizes<br />
*MFSA 2011-57 Crash when plugin removes itself on Mac OS X<br />
*MFSA 2011-56 Key detection without JavaScript via SVG animation<br />
*MFSA 2011-55 nsSVGValue out-of-bounds access<br />
*MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library<br />
*MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)<br />
<br />
=== seamonkey (various issues, all versions impacted) ===<br />
<br />
From http://www.mozilla.org/security/known-vulnerabilities/seamonkey.html#seamonkey2.6, at LEAST:<br />
Fixed in SeaMonkey 2.6:<br />
*MFSA 2011-58 Crash scaling <video> to extreme sizes<br />
*MFSA 2011-57 Crash when plugin removes itself on Mac OS X<br />
*MFSA 2011-56 Key detection without JavaScript via SVG animation<br />
*MFSA 2011-55 nsSVGValue out-of-bounds access<br />
*MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library<br />
*MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=644Category:Security:SSA2012-01-31T10:34:29Z<p>Adrien: Turn mozilla-* into mozilla-firefox; add _some_ know issues (those fixed in ff9)</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
=== cups ===<br />
==== [http://cvedetails.com/cve/CVE-2011-3170 CVE-2011-3170] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2896 CVE-2011-2896] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. <br />
<br />
== d ==<br />
=== perl === <br />
==== [http://cvedetails.com/cve/CVE-2011-2939 CVE-2011-2939] (Denial Of Service, Overflow, Memory corruption) affected: current, 13.37 through 10.0 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2705 CVE-2011-2705] (PRNG weakness) affected: current, 13.37 and all before ====<br />
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0188 CVE-2011-0188] (Denial Of Service, Execute Code) affected: current, 13.37 and all before ====<br />
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."<br />
<br />
== e ==<br />
=== emacs ===<br />
<br />
== k ==<br />
=== kernel ===<br />
<br />
== l ==<br />
=== t1lib ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1554 CVE-2011-1554] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1553 CVE-2011-1553] (Denial Of Service) affected: current, 13.37 and all before ====<br />
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1552 CVE-2011-1552] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0764 CVE-2011-0764] (Execute Code) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.<br />
<br />
=== freetype2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] (Denial Of Service, Execute Code, Memory corruption) affected: current, 13.37 and all before ====<br />
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.<br />
<br />
=== libxml2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1944 CVE-2011-1944] (Denial Of Service, Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. <br />
<br />
== n ==<br />
=== httpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4415 CVE-2011-4415] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3607 CVE-2011-3607] (Overflow, Gain privileges) affected: current, 13.37 and all before ====<br />
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3368 CVE-2011-3368] affected: current, 13.37 and all before ====<br />
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.<br />
<br />
=== dhcp ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4868 CVE-2011-4868] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4539 CVE-2011-4539] (Denial Of Service) affected: current, 13.37, 13.1 ====<br />
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2749 CVE-2011-2749] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2748 CVE-2011-2748] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.<br />
<br />
=== openssl ===<br />
==== [http://cvedetails.com/cve/CVE-2012-0027 CVE-2012-0027] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4619 CVE-2011-4619] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4576 CVE-2011-4576] (Obtain Information) affected: current, 13.37, and all before ====<br />
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4109 CVE-2011-4109] (unspecified impact) affected: current, 13.37 through 11.0 ====<br />
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4108 CVE-2011-4108] affected: current, 13.37, and all before ====<br />
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3210 CVE-2011-3210] (Denial Of Service) affected: current, 13.37 through 11.0 ====<br />
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.<br />
<br />
=== proftpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] (Execute Code) affected: current, 13.37, and all before ====<br />
([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711])<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.<br />
<br />
=== php ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4885 CVE-2011-4885] (Denial Of Service) affected: current, 13.37 and all before ====<br />
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3379 CVE-2011-3379] (Execute Code) affected: current, 13.37 through 12.0 ====<br />
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. <br />
<br />
== x ==<br />
=== libXfont ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2895 CVE-2011-2895] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.<br />
<br />
== xap ==<br />
=== pidgin ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4603 CVE-2011-4603] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4602 CVE-2011-4602] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4601 CVE-2011-4601] (Denial Of Service) affected: current, 13.37 and all before ====<br />
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3594 CVE-2011-3594] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3184 CVE-2011-3184] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2943 CVE-2011-2943] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.<br />
<br />
=== mozilla-firefox (various issues, all versions vulnerable) ===<br />
From http://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox9, at LEAST:<br />
<br />
Fixed in Firefox 9:<br />
*MFSA 2011-58 Crash scaling <video> to extreme sizes<br />
*MFSA 2011-57 Crash when plugin removes itself on Mac OS X<br />
*MFSA 2011-56 Key detection without JavaScript via SVG animation<br />
*MFSA 2011-55 nsSVGValue out-of-bounds access<br />
*MFSA 2011-54 Potentially exploitable crash in the YARR regular expression library<br />
*MFSA 2011-53 Miscellaneous memory safety hazards (rv:9.0)</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=643Category:Security:SSA2012-01-31T10:21:39Z<p>Adrien: xap/mozilla-*: new; quick note</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
=== cups ===<br />
==== [http://cvedetails.com/cve/CVE-2011-3170 CVE-2011-3170] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2896 CVE-2011-2896] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. <br />
<br />
== d ==<br />
=== perl === <br />
==== [http://cvedetails.com/cve/CVE-2011-2939 CVE-2011-2939] (Denial Of Service, Overflow, Memory corruption) affected: current, 13.37 through 10.0 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2705 CVE-2011-2705] (PRNG weakness) affected: current, 13.37 and all before ====<br />
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0188 CVE-2011-0188] (Denial Of Service, Execute Code) affected: current, 13.37 and all before ====<br />
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."<br />
<br />
== e ==<br />
=== emacs ===<br />
<br />
== k ==<br />
=== kernel ===<br />
<br />
== l ==<br />
=== t1lib ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1554 CVE-2011-1554] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1553 CVE-2011-1553] (Denial Of Service) affected: current, 13.37 and all before ====<br />
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1552 CVE-2011-1552] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0764 CVE-2011-0764] (Execute Code) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.<br />
<br />
=== freetype2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] (Denial Of Service, Execute Code, Memory corruption) affected: current, 13.37 and all before ====<br />
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.<br />
<br />
=== libxml2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1944 CVE-2011-1944] (Denial Of Service, Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. <br />
<br />
== n ==<br />
=== httpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4415 CVE-2011-4415] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3607 CVE-2011-3607] (Overflow, Gain privileges) affected: current, 13.37 and all before ====<br />
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3368 CVE-2011-3368] affected: current, 13.37 and all before ====<br />
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.<br />
<br />
=== dhcp ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4868 CVE-2011-4868] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4539 CVE-2011-4539] (Denial Of Service) affected: current, 13.37, 13.1 ====<br />
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2749 CVE-2011-2749] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2748 CVE-2011-2748] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.<br />
<br />
=== openssl ===<br />
==== [http://cvedetails.com/cve/CVE-2012-0027 CVE-2012-0027] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4619 CVE-2011-4619] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4576 CVE-2011-4576] (Obtain Information) affected: current, 13.37, and all before ====<br />
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4109 CVE-2011-4109] (unspecified impact) affected: current, 13.37 through 11.0 ====<br />
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4108 CVE-2011-4108] affected: current, 13.37, and all before ====<br />
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3210 CVE-2011-3210] (Denial Of Service) affected: current, 13.37 through 11.0 ====<br />
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.<br />
<br />
=== proftpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] (Execute Code) affected: current, 13.37, and all before ====<br />
([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711])<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.<br />
<br />
=== php ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4885 CVE-2011-4885] (Denial Of Service) affected: current, 13.37 and all before ====<br />
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3379 CVE-2011-3379] (Execute Code) affected: current, 13.37 through 12.0 ====<br />
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. <br />
<br />
== x ==<br />
=== libXfont ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2895 CVE-2011-2895] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.<br />
<br />
== xap ==<br />
=== pidgin ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4603 CVE-2011-4603] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4602 CVE-2011-4602] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4601 CVE-2011-4601] (Denial Of Service) affected: current, 13.37 and all before ====<br />
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3594 CVE-2011-3594] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3184 CVE-2011-3184] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2943 CVE-2011-2943] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.<br />
<br />
=== mozilla-* ===<br />
No specific CVE, you know they are vulnerable to at leas tone thing.</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=642Category:Security:SSA2012-01-31T07:33:18Z<p>Adrien: /* CVE-2011-2705 affected: current, 13.37 and all before */ - title: classify as "PRNG weakness"</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
=== cups ===<br />
==== [http://cvedetails.com/cve/CVE-2011-3170 CVE-2011-3170] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2896 CVE-2011-2896] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. <br />
<br />
== d ==<br />
=== perl === <br />
==== [http://cvedetails.com/cve/CVE-2011-2939 CVE-2011-2939] (Denial Of Service, Overflow, Memory corruption) affected: current, 13.37 through 10.0 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2705 CVE-2011-2705] (PRNG weakness) affected: current, 13.37 and all before ====<br />
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0188 CVE-2011-0188] (Denial Of Service, Execute Code) affected: current, 13.37 and all before ====<br />
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."<br />
<br />
== e ==<br />
=== emacs ===<br />
<br />
== k ==<br />
=== kernel ===<br />
<br />
== l ==<br />
=== t1lib ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1554 CVE-2011-1554] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1553 CVE-2011-1553] (Denial Of Service) affected: current, 13.37 and all before ====<br />
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1552 CVE-2011-1552] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0764 CVE-2011-0764] (Execute Code) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.<br />
<br />
=== freetype2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] (Denial Of Service, Execute Code, Memory corruption) affected: current, 13.37 and all before ====<br />
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.<br />
<br />
=== libxml2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1944 CVE-2011-1944] (Denial Of Service, Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. <br />
<br />
== n ==<br />
=== httpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4415 CVE-2011-4415] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3607 CVE-2011-3607] (Overflow, Gain privileges) affected: current, 13.37 and all before ====<br />
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3368 CVE-2011-3368] affected: current, 13.37 and all before ====<br />
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.<br />
<br />
=== dhcp ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4868 CVE-2011-4868] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4539 CVE-2011-4539] (Denial Of Service) affected: current, 13.37, 13.1 ====<br />
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2749 CVE-2011-2749] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2748 CVE-2011-2748] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.<br />
<br />
=== openssl ===<br />
==== [http://cvedetails.com/cve/CVE-2012-0027 CVE-2012-0027] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4619 CVE-2011-4619] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4576 CVE-2011-4576] (Obtain Information) affected: current, 13.37, and all before ====<br />
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4109 CVE-2011-4109] (unspecified impact) affected: current, 13.37 through 11.0 ====<br />
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4108 CVE-2011-4108] affected: current, 13.37, and all before ====<br />
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3210 CVE-2011-3210] (Denial Of Service) affected: current, 13.37 through 11.0 ====<br />
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.<br />
<br />
=== proftpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] (Execute Code) affected: current, 13.37, and all before ====<br />
([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711])<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.<br />
<br />
=== php ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4885 CVE-2011-4885] (Denial Of Service) affected: current, 13.37 and all before ====<br />
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3379 CVE-2011-3379] (Execute Code) affected: current, 13.37 through 12.0 ====<br />
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. <br />
<br />
== x ==<br />
=== libXfont ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2895 CVE-2011-2895] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.<br />
<br />
== xap ==<br />
=== pidgin ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4603 CVE-2011-4603] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4602 CVE-2011-4602] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4601 CVE-2011-4601] (Denial Of Service) affected: current, 13.37 and all before ====<br />
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3594 CVE-2011-3594] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3184 CVE-2011-3184] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2943 CVE-2011-2943] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=641Category:Security:SSA2012-01-31T07:29:48Z<p>Adrien: /* CVE-2011-4109 affected: current, 13.37 through 11.0 */ - title: add "unspecified impact"</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
=== cups ===<br />
==== [http://cvedetails.com/cve/CVE-2011-3170 CVE-2011-3170] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2896 CVE-2011-2896] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895. <br />
<br />
== d ==<br />
=== perl === <br />
==== [http://cvedetails.com/cve/CVE-2011-2939 CVE-2011-2939] (Denial Of Service, Overflow, Memory corruption) affected: current, 13.37 through 10.0 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2705 CVE-2011-2705] affected: current, 13.37 and all before ====<br />
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0188 CVE-2011-0188] (Denial Of Service, Execute Code) affected: current, 13.37 and all before ====<br />
The VpMemAlloc function in bigdecimal.c in the BigDecimal class in Ruby 1.9.2-p136 and earlier, as used on Apple Mac OS X before 10.6.7 and other platforms, does not properly allocate memory, which allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via vectors involving creation of a large BigDecimal value within a 64-bit process, related to an "integer truncation issue."<br />
<br />
== e ==<br />
=== emacs ===<br />
<br />
== k ==<br />
=== kernel ===<br />
<br />
== l ==<br />
=== t1lib ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1554 CVE-2011-1554] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
Off-by-one error in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory read, integer overflow, and invalid pointer dereference, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1553 CVE-2011-1553] (Denial Of Service) affected: current, 13.37 and all before ====<br />
Use-after-free vulnerability in t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, allows remote attackers to cause a denial of service (application crash) via a PDF document containing a crafted Type 1 font that triggers an invalid memory write, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-1552 CVE-2011-1552] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, reads from invalid memory locations, which allows remote attackers to cause a denial of service (application crash) via a crafted Type 1 font in a PDF document, a different vulnerability than CVE-2011-0764.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-0764 CVE-2011-0764] (Execute Code) affected: current, 13.37 and all before ====<br />
t1lib 5.1.2 and earlier, as used in Xpdf before 3.02pl6 and other products, uses an invalid pointer in conjunction with a dereference operation, which allows remote attackers to execute arbitrary code via a crafted Type 1 font in a PDF document, as demonstrated by testz.2184122398.pdf.<br />
<br />
=== freetype2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-0226 CVE-2011-0226] (Denial Of Service, Execute Code, Memory corruption) affected: current, 13.37 and all before ====<br />
Integer signedness error in psaux/t1decode.c in FreeType before 2.4.6, as used in CoreGraphics in Apple iOS before 4.2.9 and 4.3.x before 4.3.4 and other products, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Type 1 font in a PDF document, as exploited in the wild in July 2011.<br />
<br />
=== libxml2 ===<br />
==== [http://cvedetails.com/cve/CVE-2011-1944 CVE-2011-1944] (Denial Of Service, Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
Integer overflow in xpath.c in libxml2 2.6.x through 2.6.32 and 2.7.x through 2.7.8, and libxml 1.8.16 and earlier, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XML file that triggers a heap-based buffer overflow when adding a new namespace node, related to handling of XPath expressions. <br />
<br />
== n ==<br />
=== httpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4415 CVE-2011-4415] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the "len +=" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3607 CVE-2011-3607] (Overflow, Gain privileges) affected: current, 13.37 and all before ====<br />
Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow. <br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3368 CVE-2011-3368] affected: current, 13.37 and all before ====<br />
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.<br />
<br />
=== dhcp ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4868 CVE-2011-4868] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The logging functionality in dhcpd in ISC DHCP before 4.2.3-P2, when using Dynamic DNS (DDNS) and issuing IPv6 addresses, does not properly handle the DHCPv6 lease structure, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via crafted packets related to a lease-status update.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4539 CVE-2011-4539] (Denial Of Service) affected: current, 13.37, 13.1 ====<br />
dhcpd in ISC DHCP 4.x before 4.2.3-P1 and 4.1-ESV before 4.1-ESV-R4 does not properly handle regular expressions in dhcpd.conf, which allows remote attackers to cause a denial of service (daemon crash) via a crafted request packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2749 CVE-2011-2749] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted BOOTP packet.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2748 CVE-2011-2748] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The server in ISC DHCP 3.x and 4.x before 4.2.2, 3.1-ESV before 3.1-ESV-R3, and 4.1-ESV before 4.1-ESV-R3 allows remote attackers to cause a denial of service (daemon exit) via a crafted DHCP packet.<br />
<br />
=== openssl ===<br />
==== [http://cvedetails.com/cve/CVE-2012-0027 CVE-2012-0027] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted data from a TLS client.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4619 CVE-2011-4619] (Denial Of Service) affected: current, 13.37, and all before ====<br />
The Server Gated Cryptography (SGC) implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly handle handshake restarts, which allows remote attackers to cause a denial of service via unspecified vectors.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4576 CVE-2011-4576] (Obtain Information) affected: current, 13.37, and all before ====<br />
The SSL 3.0 implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f does not properly initialize data structures for block cipher padding, which might allow remote attackers to obtain sensitive information by decrypting the padding data sent by an SSL peer.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4109 CVE-2011-4109] (unspecified impact) affected: current, 13.37 through 11.0 ====<br />
Double free vulnerability in OpenSSL 0.9.8 before 0.9.8s, when X509_V_FLAG_POLICY_CHECK is enabled, allows remote attackers to have an unspecified impact by triggering failure of a policy check.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4108 CVE-2011-4108] affected: current, 13.37, and all before ====<br />
The DTLS implementation in OpenSSL before 0.9.8s and 1.x before 1.0.0f performs a MAC check only if certain padding is valid, which makes it easier for remote attackers to recover plaintext via a padding oracle attack.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3210 CVE-2011-3210] (Denial Of Service) affected: current, 13.37 through 11.0 ====<br />
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows remote attackers to cause a denial of service (daemon crash) via out-of-order messages that violate the TLS protocol.<br />
<br />
=== proftpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] (Execute Code) affected: current, 13.37, and all before ====<br />
([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711])<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.<br />
<br />
=== php ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4885 CVE-2011-4885] (Denial Of Service) affected: current, 13.37 and all before ====<br />
PHP before 5.3.9 computes hash values for form parameters without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted parameters.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3379 CVE-2011-3379] (Execute Code) affected: current, 13.37 through 12.0 ====<br />
The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the __autoload function, which makes it easier for remote attackers to execute arbitrary code by providing a crafted URL and leveraging potentially unsafe behavior in certain PEAR packages and custom autoloaders. <br />
<br />
== x ==<br />
=== libXfont ===<br />
==== [http://cvedetails.com/cve/CVE-2011-2895 CVE-2011-2895] (Execute Code, Overflow) affected: current, 13.37 and all before ====<br />
The LZW decompressor in (1) the BufCompressedFill function in fontfile/decompress.c in X.Org libXfont before 1.4.4 and (2) compress/compress.c in 4.3BSD, as used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1, FreeType 2.1.9, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows context-dependent attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2896.<br />
<br />
== xap ==<br />
=== pidgin ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4603 CVE-2011-4603] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The silc_channel_message function in ops.c in the SILC protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted message, a different vulnerability than CVE-2011-3594.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4602 CVE-2011-4602] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The XMPP protocol plugin in libpurple in Pidgin before 2.10.1 does not properly handle missing fields in (1) voice-chat and (2) video-chat stanzas, which allows remote attackers to cause a denial of service (application crash) via a crafted message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-4601 CVE-2011-4601] (Denial Of Service) affected: current, 13.37 and all before ====<br />
family_feedbag.c in the oscar protocol plugin in libpurple in Pidgin before 2.10.1 does not perform the expected UTF-8 validation on message data, which allows remote attackers to cause a denial of service (application crash) via a crafted (1) AIM or (2) ICQ message associated with buddy-list addition.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3594 CVE-2011-3594] (Denial Of Service, Overflow) affected: current, 13.37 and all before ====<br />
The g_markup_escape_text function in the SILC protocol plug-in in libpurple 2.10.0 and earlier, as used in Pidgin and possibly other products, allows remote attackers to cause a denial of service (crash) via invalid UTF-8 sequences that trigger use of invalid pointers and an out-of-bounds read, related to interactions with certain versions of glib2.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-3184 CVE-2011-3184] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The msn_httpconn_parse_data function in httpconn.c in the MSN protocol plugin in libpurple in Pidgin before 2.10.0 does not properly handle HTTP 100 responses, which allows remote attackers to cause a denial of service (incorrect memory access and application crash) via vectors involving a crafted server message.<br />
<br />
==== [http://cvedetails.com/cve/CVE-2011-2943 CVE-2011-2943] (Denial Of Service) affected: current, 13.37 and all before ====<br />
The irc_msg_who function in msgs.c in the IRC protocol plugin in libpurple 2.8.0 through 2.9.0 in Pidgin before 2.10.0 does not properly validate characters in nicknames, which allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted nickname that is not properly handled in a WHO response.</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=611Category:Security:SSA2012-01-29T21:46:48Z<p>Adrien: /* CVE-2011-2939 (DDoS, affected: current and stable) */</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
=== perl === <br />
==== CVE-2011-2939 (DDoS, affected: current and stable) ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
==== httpd ====<br />
CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
==== dhcp ====<br />
CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
==== openssl ====<br />
CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
=== proftpd ===<br />
==== [http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] ([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711]) ====<br />
<br />
AFFECTED : -current : 1.3.3e, -13.37 : 1.3.3e, and all before<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer.<br />
<br />
==== php ====<br />
CVE-2011-4885 CVE-2011-3379<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=609Category:Security:SSA2012-01-29T21:46:22Z<p>Adrien: d/perl: more detailled title (kind of vuln; affected slackware releases)</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
=== perl === <br />
==== CVE-2011-2939 (DDoS, affected: current and stable) ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
=== ruby ===<br />
CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
==== httpd ====<br />
CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
==== dhcp ====<br />
CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
==== openssl ====<br />
CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
==== proftpd ====<br />
[http://cvedetails.com/cve/CVE-2011-4130 CVE-2011-4130] ([http://bugs.proftpd.org/show_bug.cgi?id=3711 proftpd bug tracker #3711])<br />
<br />
Use-after-free vulnerability in the Response API in ProFTPD '''before 1.3.3g''' allows remote authenticated users to execute arbitrary code via vectors involving an error that occurs after an FTP data transfer. <br />
<br />
<br />
==== php ====<br />
CVE-2011-4885 CVE-2011-3379<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=605Category:Security:SSA2012-01-29T21:06:24Z<p>Adrien: intro: explain the format for the CVEs on the page</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
The CVEs are typically listed as follow:<br />
${SUMMARY}<br />
* Fix:<br />
** Fixed upstream on: ${DATE}<br />
** Available in version: ${UPSTREAM_VERSION_WITH_FIX} (-current ${VERSION_IN_CURRENT}; -stable: ${VERSION_IN_13_37})<br />
** Upstream commit: ${URL_TO_THE_SPECIFIC_FIX_COMMIT}<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
=== perl === <br />
==== CVE-2011-2939 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
==== ruby ====<br />
CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
bind : CVE-2011-4313<br />
<br />
httpd : CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
dhcp : CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
openssl : CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
proftpd : CVE-2011-4130<br />
<br />
php : CVE-2011-4885 CVE-2011-3379 <br />
<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=604Category:Security:SSA2012-01-29T20:47:35Z<p>Adrien: d/perl: better formatting</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
''(Add <nowiki>[[Category:Security:SSA]]</nowiki> to the very bottom of your page to have it appear on this page)''<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
=== perl === <br />
==== CVE-2011-2939 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow [http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939 (on cve.mitre.org)].<br />
* Fix:<br />
** Fixed upstream on: Tue, 9 Aug 2011<br />
** Available in version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
** Upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
==== ruby ====<br />
CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
bind : CVE-2011-4313<br />
<br />
httpd : CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
dhcp : CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
openssl : CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
proftpd : CVE-2011-4130<br />
<br />
php : CVE-2011-4885 CVE-2011-3379 <br />
<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=603Category:Security:SSA2012-01-29T20:40:53Z<p>Adrien: /* perl */</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
''(Add <nowiki>[[Category:Security:SSA]]</nowiki> to the very bottom of your page to have it appear on this page)''<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
=== perl === <br />
==== CVE-2011-2939 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. <br />
===== Fix =====<br />
Available in upstream version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
Fixed upstream on: Tue, 9 Aug 2011<br />
Upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
===== Reference =====<br />
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2939<br />
<br />
==== ruby ====<br />
CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
bind : CVE-2011-4313<br />
<br />
httpd : CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
dhcp : CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
openssl : CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
proftpd : CVE-2011-4130<br />
<br />
php : CVE-2011-4885 CVE-2011-3379 <br />
<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=602Category:Security:SSA2012-01-29T20:27:35Z<p>Adrien: d/perl: more detailled CVE</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
''(Add <nowiki>[[Category:Security:SSA]]</nowiki> to the very bottom of your page to have it appear on this page)''<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
=== perl === <br />
==== CVE-2011-2939 ====<br />
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. <br />
===== Fix =====<br />
Available in upstream version: 5.14.2 (-current: 5.14.0; -stable: 5.12.3)<br />
Fixed upstream on: Tue, 9 Aug 2011<br />
Upstream commit: http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5<br />
<br />
==== ruby ====<br />
CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
bind : CVE-2011-4313<br />
<br />
httpd : CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
dhcp : CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
openssl : CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
proftpd : CVE-2011-4130<br />
<br />
php : CVE-2011-4885 CVE-2011-3379 <br />
<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=601Category:Security:SSA2012-01-29T20:05:13Z<p>Adrien: explain why we're not always giving specific CVEs all the time (hopeless software)</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable and useful. In some cases, we consider pointing out a specific CVE is not useful because of the number of issues (i.e. get the last version; e.g. mozilla-*).<br />
<br />
''(Add <nowiki>[[Category:Security:SSA]]</nowiki> to the very bottom of your page to have it appear on this page)''<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
perl : CVE-2011-2939<br />
<br />
ruby : CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
bind : CVE-2011-4313<br />
<br />
httpd : CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
dhcp : CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
openssl : CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
proftpd : CVE-2011-4130<br />
<br />
php : CVE-2011-4885 CVE-2011-3379 <br />
<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=Category:Security:SSA&diff=600Category:Security:SSA2012-01-29T19:30:22Z<p>Adrien: Rewrote introduction</p>
<hr />
<div>Slackware has recently started to be inactive. At the same time, a number of security issues have been found in various components. This page aims at listing them in order to help everyone know which components have known vulnerabilities.<br />
<br />
The list below is provided as-is. It is meant to be as good as possible but we can't guarantee anything. It is sorted by slackware categories: a/, ap/, d/, ...<br />
<br />
A more comprehensive effort might appear at some point in the future (binary packages?) but this is currently only a list of packages and their CVEs when applicable.<br />
<br />
''(Add <nowiki>[[Category:Security:SSA]]</nowiki> to the very bottom of your page to have it appear on this page)''<br />
<br />
== a ==<br />
linux<br />
<br />
== ap ==<br />
cups : CVE-2011-3170 CVE-2011-2896<br />
<br />
== d ==<br />
perl : CVE-2011-2939<br />
<br />
ruby : CVE-2011-2705 CVE-2011-1004 CVE-2011-0188<br />
<br />
== e ==<br />
emacs<br />
<br />
== l ==<br />
t1lib : CVE-2011-1554 CVE-2011-1553 CVE-2011-1552 CVE-2011-0764<br />
<br />
freetype2 : CVE-2011-0226<br />
<br />
libxml2 : CVE-2011-1944<br />
<br />
== n ==<br />
bind : CVE-2011-4313<br />
<br />
httpd : CVE-2011-4415 CVE-2011-4317 CVE-2011-3607 CVE-2011-3368<br />
<br />
dhcp : CVE-2011-4868 CVE-2011-4539 CVE-2011-2749 CVE-2011-2748<br />
<br />
openssl : CVE-2012-0027 CVE-2011-4619 CVE-2011-4576 CVE-2011-4109 CVE-2011-4108 CVE-2011-3210<br />
<br />
proftpd : CVE-2011-4130<br />
<br />
php : CVE-2011-4885 CVE-2011-3379 <br />
<br />
<br />
== x ==<br />
libXfont : CVE-2011-2895<br />
<br />
== xap ==<br />
pidgin : CVE-2011-4603 CVE-2011-4602 CVE-2011-4601 CVE-2011-3594 CVE-2011-3184 CVE-2011-2943</div>Adrienhttps://www.slackwiki.com/index.php?title=List_of_security_updates_missing_in_13_37&diff=596List of security updates missing in 13 372012-01-29T18:10:20Z<p>Adrien: created</p>
<hr />
<div>This page is meant to give a list of the packages which have known security issues in Slackware 13.37 and which haven't been updated yet.</div>Adrien